I have two servers I am monitoring with NRPE 2.0. One works, one does not and I’m running out of ideas of configuration settings that must not be the same to have this happen:
root@nagioshost # ./check_nrpe -H servera -c check_apache
OK - 12 processes running with UID = 155 (apache)
root@nagioshost # ./check_nrpe -H serverb -c check_apache
CHECK_NRPE: Error - Could not complete SSL handshake.
nagioshost, servera and serverb are all Solaris 9.
nagioshost is running nagios 1.2, check_nrpe 2.0
I have confirmed with ldd that NRPE is compiled with SSL support.
servera & serverb both have copies of the same NRPE 2.0 binary.
servera & serverb both have the SSL libraries that the NRPE binary was compiled against
servera & serverb both have /usr/local/nagios/etc/nrpe.cfg owned by nagios:nagios and chmod’d 644
servera & serverb both have “nrpe 5666/tcp #NRPE” in /etc/services
servera & serverb both have “*.nrpe . 0 0 49152 0 LISTEN” in netstat -a|grep nrpe
servera & serverb both have “nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i” in /etc/inetd.conf
Here’s the difference:
if I telnet from nagioshost to servera on port 5666 (from nrpe.cfg) I can count to 20 and when I enter some text followed by enter, servera closes the connection
if I telnet from nagioshost to serverb on port 5666 (from nrpe.cfg) I can only count to 5 before serverb closes the connection. If I repeat the task from nagioshost to serverb and start typing as soon as prompted serverb will close the connection in the middle of typing.
So i think what is happening is that the connection is closing before the SSL handshake is completed or the NRPE handoff to a local command. How do I figure out what in serverb is closing the connection so fast?